Software development environments are becoming more sophisticated by allowing the development of similar applications and/or application documents under a common development framework. This facilitates more user-friendly utilization such that developers can more readily and easily develop software, and hence, share the applications and/or documents with others. Since a common development framework is now available to many more users, the development of projects and other related entities can now be made widely available for public use.
Developers trade project entities through websites, e-mail and version control systems. As developers start sharing these entities, whether locally or over the Internet via community websites, for example, it is easy for the recipient user to grab a publicly available project (or entity) and load it into the development environment for immediate perusal and/or use. One of the first things the recipient developer will want to do is to build the entity in a build process to determine what it actually does. However, the process of building could invoke code embedded for malicious purposes. For example, while the build process is occurring, malicious code could be surreptitiously looking for user account numbers and passwords that can then be covertly transmitted to another location without the developer knowing about it.
What is needed is a trust mechanism that instills a level of trust in entities that are shared between developers and users.